Patent classifications
H04L61/4552
Delegating DNS records to additional providers
Systems and methods of the present invention provide for one or more server computers communicatively coupled to a network, running a DNS server, and configured to: receive, from a client computer, an electronic message encoding a DNS request; access, within a database, at least one DNS record comprising: a designation of the DNS server as an authoritative DNS server for the DNS request; and a resource record designating a secondary authoritative server running on a second server computer; transmit, to the client computer, a DNS result according to the first resource record; transmit, to the secondary authoritative server, a second electronic message encoding a DNS query according to the second resource record; receive, from the secondary authoritative server, a DNS query result; store the DNS query result within a cache stored within the server computer; and transmit, to the client computer, the DNS query result.
Method for propagating movement event message of network entity
A method for propagating a movement event message of a network entity, including: step 1) a network device maintaining a historical forwarded information list, wherein a network device capable of receiving a movement event message from an external system or device maintains an uplink port information table; step 2) after receiving the message, the network device performs matching using the table to obtain a forwarding port and forwarding information of the message, and constructs a movement event forwarding message using the information and forwards through the forwarding port; and step 3) after a device receives the message, searching for a matching forwarding port and forwarding information of the message in the information list, modifying the message using the forwarding information, and forwarding the modified message through the forwarding port. The method is able to propagate a movement event message to a network device responsible for related data transmission and forwarding.
METHOD AND APPARATUS FOR SENDING DOMAIN NAME SYSTEM REQUEST
A method for sending a domain name system (DNS) request includes determining, by a terminal apparatus, an address of a first DNS server corresponding to a first application. The method also includes determining, by the terminal apparatus, a first address of the terminal apparatus based on the address of the first DNS server and an address of the terminal apparatus corresponding to the address of the first DNS server. The method further includes sending, by the terminal apparatus, DNS request information. The DNS request information includes an identifier of the first application, the address of the first DNS server, and the first address of the terminal apparatus.
CAUSING OR PREVENTING AN UPDATE TO A NETWORK ADDRESS TRANSLATION TABLE
A network device may be configured to receive one or more packets that are to initiate a communication session. The network device may be configured to process, using a plurality of packet analysis techniques, the one or more packets to determine analysis information associated with the one or more packets. The network device may be configured to determine, based on the analysis information associated with the one or more packets, whether the one or more packets are suspicious. The network device may be configured to cause or prevent inclusion in a NAT table, based on determining whether the one or more packets are suspicious, of at least one entry associated with the one or more packets and the communication session.
METHOD OF DETERMINING SERVICE TYPE OF NETWORK SERVICE
A method is implemented by a router and includes: upon receiving a query on an Internet Protocol (IP) address for a domain name, sending the query to a DNS server in order for the DNS server to translate the domain name to an IP address and to transmit a DNS response containing the domain name and the IP address to the router; recording the domain name and the IP address in a table; sending the DNS response to an endpoint device so as to enable the endpoint device to establish a link with an application server via the router based on the IP address; finding the domain name in the lookup table based on the IP address; and determining a type of a service provided by the application server based on the domain name with reference to another table.
Unsupervised encoder-decoder neural network security event detection
A method may include a processing system having at least one processor obtaining a first plurality of domain name system traffic records, generating an input aggregate vector from the first plurality of domain name system traffic records, where the input aggregate vector comprises a plurality of features derived from the first plurality of domain name system traffic records, and applying an encoder-decoder neural network to the input aggregate vector to generate a reconstructed vector, where the encoder-decoder neural network is trained with a plurality of aggregate vectors generated from a second plurality of domain name system traffic records. In one example, the processing system may then calculate a distance between the input aggregate vector and the reconstructed vector, and apply at least one remedial action associated with the first plurality of domain name system traffic records when the distance is greater than a threshold distance.
FEDERATED DNS CACHING
Systems and methods are provided for distributing a domain name service (DNS) response cache in a DNS resolving system on a network. The systems and methods described herein may improve response times for client queries and also protect the DNS resolving system from DNS-related cyber attacks.